Open Bug 1695119 Opened 4 years ago Updated 2 years ago

Crash @ mozilla::detail::MutexImpl::mutexLock() | mozilla::dom::`anonymous namespace'::WebProgressListener::OnStateChange

Categories

(Core :: DOM: Navigation, defect, P3)

Firefox 84
defect


People

(Reporter: shawnjohnjr, Unassigned)


Crash has been observed on KaiOS (branch from Gecko 84).
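It looks like bug 1693946: the Promise is null. The fault address 0xc (also the value in r0) is consistent with MozPromise::Private::Reject locking a mutex through a null promise pointer (frames #01–#03 below). The call arrives through BrowserParent::RecvOnStateChange, an IPC message handler, in the b2g process (uid 0), so the null dereference crashes that process.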

The concrete steps to reproduce are not yet known.

I think adding a null check for the Promise is reasonable.


ABI: 'arm'
Timestamp: 2021-02-15 16:47:59+0800
pid: 2838, tid: 2838, name: b2g >>> /system/b2g/b2g <<<
uid: 0
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xc
Cause: null pointer dereference
r0 0000000c r1 bea34d88 r2 ae389798 r3 0eb88b2a
r4 0000000c r5 bea34d88 r6 00000000 r7 bea34d48
r8 ae389798 r9 00000000 r10 bea34d88 r11 9ba8bc8c
ip b29eab00 sp bea34d30 lr b29ca9bd pc b356e124

backtrace:
#00 pc 000ab124 /apex/com.android.runtime/lib/bionic/libc.so (pthread_mutex_lock+4) (BuildId: 1f4693f0a28e39adb613e92bac7a19b4)
#01 pc 000a69b9 /system/b2g/libmozglue.so (mozilla::detail::MutexImpl::mutexLock()+4) (BuildId: daef2011a9595299ec6434f82978284a593fa718)
#02 pc 0353a95b /system/b2g/libxul.so (void mozilla::MozPromise<mozilla::dom::ClientOpResult, mozilla::CopyableErrorResult, false>::Private::Reject<mozilla::CopyableErrorResult&>(mozilla::CopyableErrorResult&&&, char const*)+22) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#03 pc 0354529d /system/b2g/libxul.so (mozilla::dom::(anonymous namespace)::WebProgressListener::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult)+364) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#04 pc 040d0bef /system/b2g/libxul.so (_ZNSt3__110__function6__funcIZN7mozilla3dom26BrowsingContextWebProgress13OnStateChangeEP14nsIWebProgressP10nsIRequestj8nsresultE4$16NS_9allocatorISA_EEFvP22nsIWebProgressListenerEEclEOSE+36) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#05 pc 040b6c39 /system/b2g/libxul.so (mozilla::dom::BrowsingContextWebProgress::UpdateAndNotifyListeners(unsigned int, std::__1::function<void (nsIWebProgressListener*)> const&)+144) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#06 pc 040b6d21 /system/b2g/libxul.so (mozilla::dom::BrowsingContextWebProgress::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult)+76) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#07 pc 03936f83 /system/b2g/libxul.so (mozilla::dom::BrowserParent::RecvOnStateChange(mozilla::Maybe<mozilla::dom::WebProgressData> const&, mozilla::dom::RequestData const&, unsigned int, nsresult, mozilla::Maybe<mozilla::dom::WebProgressStateChangeData> const&)+298) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#08 pc 02ac4a51 /system/b2g/libxul.so (mozilla::dom::PBrowserParent::OnMessageReceived(IPC::Message const&)+7832) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#09 pc 0298692b /system/b2g/libxul.so (mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&)+1166) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#10 pc 02914ca1 /system/b2g/libxul.so (mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&)+296) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#11 pc 029153cd /system/b2g/libxul.so (mozilla::ipc::MessageChannel::MessageTask::Run()+216) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#12 pc 02630625 /system/b2g/libxul.so (mozilla::RunnableTask::Run()+12) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#13 pc 0262fecf /system/b2g/libxul.so (mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&)+1798) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#14 pc 0262f4ed /system/b2g/libxul.so (mozilla::TaskController::ProcessPendingMTTask(bool)+64) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#15 pc 02631775 /system/b2g/libxul.so (_ZN7mozilla6detail16RunnableFunctionIZNS_14TaskController18InitializeInternalEvE3$_3E3RunEv+12) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#16 pc 02637193 /system/b2g/libxul.so (nsThread::ProcessNextEvent(bool, bool*)+710) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#17 pc 02638e33 /system/b2g/libxul.so (NS_ProcessNextEvent(nsIThread*, bool)+34) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#18 pc 02916575 /system/b2g/libxul.so (mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)+132) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#19 pc 028f72e9 /system/b2g/libxul.so (MessageLoop::Run()+56) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#20 pc 03aa5821 /system/b2g/libxul.so (nsBaseAppShell::Run()+28) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#21 pc 041c3391 /system/b2g/libxul.so (nsAppStartup::Run()+92) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#22 pc 0421cd2b /system/b2g/libxul.so (XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&)+5142) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#23 pc 0421d863 /system/b2g/libxul.so (XRE_main(int, char**, mozilla::BootstrapConfig const&)+42) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
#24 pc 00002da1 /system/b2g/b2g (main+764) (BuildId: 3a407e58cfcf6fe0088819a5a0c1b5a1a6d39d03)
#25 pc 0005ab41 /apex/com.android.runtime/lib/bionic/libc.so (__libc_init+68) (BuildId: 1f4693f0a28e39adb613e92bac7a19b4)
#26 pc 00002048 /system/b2g/b2g (_start_main+64) (BuildId: 3a407e58cfcf6fe0088819a5a0c1b5a1a6d39d03)

Assignee: nobody → shawnjohnjr
Severity: -- → S3
Priority: -- → P3
See Also: → 1693946

The bug assignee is inactive on Bugzilla, so the assignee is being reset.

Assignee: shawnjohnjr → nobody